CVE-2022-3178: 
NixOS vulnerability analysis and mitigation

A Buffer Over-read vulnerability was identified in the GPAC repository (CVE-2022-3178) affecting versions prior to 2.1.0-DEV. The vulnerability was discovered and disclosed on September 12, 2022, impacting the GPAC multimedia framework (NVD Database, CVE Mitre).

The vulnerability is classified as a Buffer Over-read (CWE-125) issue. It received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, while potentially leading to high impacts on confidentiality, integrity, and availability (NVD Database).

The Buffer Over-read vulnerability could potentially lead to high impacts on system confidentiality, integrity, and availability. Given the CVSS scoring, successful exploitation could result in significant security implications for affected systems (NVD Database).

The vulnerability was addressed in GPAC version 2.1.0-DEV. A patch was released that modified the buffer allocation in the boxcodebase.c file, specifically adjusting the extra bytes allocation for UTF16 case string dump from 2 to 3 bytes to ensure proper 0-aligned short value (GitHub Patch).